Topic 1 Question 239
3 つ選択A company finds that one of its Amazon EC2 instances suddenly has a high CPU usage. The company does not know whether the EC2 instance is compromised or whether the operating system is performing background cleanup.
Which combination of steps should a security engineer take before investigating the issue?
Disable termination protection for the EC2 instance if termination protection has not been disabled.
Enable termination protection for the EC2 instance if termination protection has not been enabled.
Take snapshots of the Amazon Elastic Block Store (Amazon EBS) data volumes that are attached to the EC2 instance.
Remove all snapshots of the Amazon Elastic Block Store (Amazon EBS) data volumes that are attached to the EC2 instance.
Capture the EC2 instance metadata, and then tag the EC2 instance as under quarantine.
Immediately remove any entries in the EC2 instance metadata that contain sensitive information.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: BCE
B. Enable termination protection for the EC2 instance if termination protection has not been enabled. This prevents accidental termination of the instance during the investigation.
C. Take snapshots of the Amazon Elastic Block Store (Amazon EBS) data volumes that are attached to the EC2 instance. Creating snapshots ensures that you have a backup of the current state of your data volumes, which is crucial for forensic analysis.
E. Capture the EC2 instance metadata, and then tag the EC2 instance as under quarantine. Capturing metadata provides information about the instance that could be useful during the investigation, and tagging the instance helps in tracking and managing the investigation process.
👍 3IPLogic2024/12/05
シャッフルモード